Hello Israel, Thanks a lot for the suggestion!
> I do not think it is worth it to change the current behavior of PostgreSQL
> in that sense. Well, I am not suggesting to change the current behavior of PostgreSQL in that matter. Quite the contrary, I find this feature very convenient, specially when you need to deal with many different clusters. What I am proposing is rather the possibility to disable it on demand :) I mean, in case I do not want libpq to try to authenticate using the certificates in `~/.postgresql`.> PostgreSQL looks for the cert and key under `~/.postgresql` as a facility.
> These files do not exist by default, so if PostgreSQL finds something in > there it assumes you want to use it.Yes. I'm just trying to find an elegant way to disable this assumption on demand.
> I also think it is correct in the sense of choosing the certificate over > a password based authentication when it finds a certificate as the cert > based would provide you with stronger checks. I couldn't agree more.> It would require that you move the SSL cert and key from `~/.postgresql` to > somewhere else and specify `sslcert` and `sslkey` in the expected service in the
> `~/.pg_service.conf` file.That's exactly what I am trying to avoid. IOW, I want to avoid having to move
the cert files to another path and consequently having to configure 30 different entries in the pg_service.conf because of a single server that does not support ssl authentication.I do realize that this patch is a big ask, since probably nobody except me "needs it" :D
Thanks again for the message. Much appreciated! Best, Jim
smime.p7s
Description: S/MIME Cryptographic Signature
